﻿using System;
using System.Web.Mvc;
using gnet1.Models;
using AuthorizeNet;

/* This demonstates making a Authorize.NET PCI Compliant transaction
 * All of the payment information is posted directly to Authorize.net for processing
 */

namespace gnet1.Controllers
{
  public class PaymentController : Controller
  {
    private ANetViewModel aNetViewModel;
    private static string Hash;

    // This would occur after collecting user and product selections
    public ActionResult Index()
    {
      aNetViewModel = new ANetViewModel(9.99m);
      Hash = aNetViewModel.Hash;
      return View(aNetViewModel);
    }

    [HttpPost]
    public ActionResult Sim(FormCollection post)
    {    
      SIMResponse response = new SIMResponse(post);
      ResponseViewModel model = new ResponseViewModel();
      model.response = response;
      model.MyFormCollection = post;

      try
      {
        model.Message = Hash;
      }
      catch (Exception ex)
      {
        model.Message = ex.Message;
      }


      //first order of business - validate that it was Auth.net that posted this using
      //the MD5 hash that was passed back to us
      var isValid = true;


      //var isValid = response.Validate("YOUR_MERCHANT_HASH_CODE", "56r7aSCG9");

      //if it's not valid - just send them to the home page. Don't throw - that's how
      //hackers figure out what's wrong :)
      if (!isValid)
        return Redirect("/");

      // if good transaction create customer, add shipping address and payment method


      // Else - Handle Error

      //the URL to redirect to- this MUST be absolute
      //var returnUrl = "http://test.purepathway.com/Home/Receipt?m=" + response.Message;
      //return Content(CheckoutFormBuilders.Redirecter(returnUrl));
 
      return View(model);
    }
  
    public ActionResult Receipt()
    {
      return View();
    }
  }
}
